Russian hackers who infiltrated Microsoft’s systems and surveilled staff inboxes earlier this year also pilfered emails from its customers, the tech giant revealed on Thursday. This disclosure highlights the extensive nature of the breach as Microsoft faces heightened regulatory scrutiny over the security of its software and systems against foreign threats. Another group, reportedly Chinese, breached Microsoft last year and stole thousands of U.S. government emails. The Russian government has not responded to these allegations, but Microsoft noted that the hackers targeted cybersecurity researchers investigating the actions of the Russian hacking group.
“This week, we are continuing to notify customers whose communications with Microsoft corporate email accounts were compromised by the Midnight Blizzard threat actor,” a Microsoft spokesperson stated in an emailed announcement, following an earlier report by Bloomberg. Microsoft mentioned it was also sharing the compromised emails with affected customers but did not specify the number impacted or how many emails were stolen.
In January, Microsoft had initially reported that Midnight Blizzard accessed “a very small percentage” of its corporate email accounts. Four months later, the company revealed ongoing attempts by the hackers to penetrate further, prompting concern within the security industry and among customers about the persisting vulnerabilities in Microsoft’s systems. These incidents, along with the Chinese hack last year, led to a Congressional hearing where Microsoft President Brad Smith discussed ongoing efforts to overhaul the company’s security practices.
